Cybersecurity consortium tackles problems of the future

Northrop Grumman Corp. is funding collaborative research programs at three universities in an effort to address cybersecurity issues plaguing an increasingly online world.

Northrop Grumman Chief Technology Officer Robert Brammer said the company planned to transfer the results of the Cybersecurity Research Consortium’s work to its government customers. The company would not necessarily hold intellectual property rights to discoveries or inventions, he said.

The company is funding 10 projects in the initial five-year cycle at Carnegie Mellon University, the Massachusetts Institute of Technology and Purdue University. The company did not disclose the precise amount of the funding, but Brammer said it was millions of dollars a year.

Eugene Spafford, executive director of Purdue’s Center for Education and Research in Information Assurance and Security, said that government and industry have a similar history of reacting to problems after they occur, even when the problems have been anticipated. In counterpoint to that, he said, the consortium’s research would be forward-looking.

“We’re not trying to build a solution to existing problems,” Spafford said. “We’re looking ahead to the future for a change, instead of being reactive.”

Purdue has a 30-year history of research in computer security, and all of the universities involved have made substantial contributions to the field. Carnegie Mellon in 1989 developed the first national Computer Emergency Response Team, which has become the Homeland Security Department’s U.S. Computer Emergency Readiness Team. Consortium projects will be carried out in its cross-disciplinary CyLab. Research at MIT has made numerous contributions to the Internet’s architecture and it will undertake projects in its Computer Science and Artificial Intelligence Lab, the school’s largest interdepartmental lab.

Research programs being undertaken for the consortium at Purdue are fast forensics, especially for mobile network devices; large-scale network modeling; enabling real-time system analysis; and defense against sophisticated collaborative attacks.

Research programs at Carnegie Mellon are detection mechanisms, minimizing attack windows through automated vulnerability management, and real-time execution trace recording and analysis to track attacks. Adrian Perrig, technical director of CyLab, said CMU takes an interdisciplinary approach to security, looking at threats and vulnerabilities introduced by human behavior as well as by technology.

“The human element is one of the main aspects we deal with,” he said. “People oftentimes make mistakes.”

MIT research programs are information flow and security logging, dependable software analysis, and novel computer architectures to improve security on network nodes. With current architectures, computers are inherently dumb and vulnerable to abuse, said Howard Shrobe, principal research scientist in MIT’s CSAIL.

“It is incapable of knowing it is doing the wrong thing,” Shrobe said. “Our project focuses on designing a new type of computer to minimize vulnerabilities."

This could include a parallel processor that could examine data and operations before execution to assess whether they should be allowed. “Because it is done at the hardware level it is systematic and occurs on each cycle,” he said. “Our goal is to make this type of computer the norm.”

Brammer said Northrop Grumman expects to approach other companies as well as federal agencies about participating in the consortium.